
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
authorPeter Dettman <peter.dettman@bouncycastle.org>2013-06-16 09:13:25 +0400
committerPeter Dettman <peter.dettman@bouncycastle.org>2013-06-16 09:13:25 +0400
commit0d63885e9fc432eec6de3256123d7839fdaf37af (patch)
treed0b6a4f15ed6ff4b7e89e407124e937b8c2ffeb7 /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
parent992abcbfa5b7d03cda1bbdafbc792146473601c1 (diff)
Track whether or not a certificate_status message is allowed
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r--core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java17
1 files changed, 16 insertions, 1 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index 73922a49..783fb26b 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -146,9 +146,20 @@ public class DTLSServerProtocol
handshake.sendMessage(HandshakeType.certificate, certificateBody);
}
- if (serverCertificate != null && !serverCertificate.isEmpty())
+ // TODO[RFC 3546] Check whether empty certificates is possible, allowed, or excludes CertificateStatus
+ if (serverCertificate == null || serverCertificate.isEmpty())
+ {
+ state.allowCertificateStatus = false;
+ }
+
+ if (state.allowCertificateStatus)
{
// TODO[RFC 3546] Get certificate status, if any, and send
+ CertificateStatus certificateStatus = null; //tlsServer.getCertificateStatus();
+ if (certificateStatus != null)
+ {
+// sendCertificateStatusMessage(certificateStatus);
+ }
}
byte[] serverKeyExchange = state.keyExchange.generateServerKeyExchange();
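Review bot: The inner `if (certificateStatus != null)` can never be taken, because `certificateStatus` is initialised to `null` and the real lookup is commented out. A server that echoed status_request in its ServerHello (the flag is set in the hunk at -376) will therefore never follow its Certificate with a CertificateStatus message. Omitting the message appears to be permitted by the extension, so this is a functional gap rather than a protocol error, but a client that asked for a stapled response silently gets none. Until the lookup exists, the stub would read more clearly as one comment, e.g. `// TODO[RFC 3546] Query the server for a CertificateStatus and send it after Certificate`, instead of a dead local plus commented-out calls. The enclosing method starts and ends outside the hunk.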
@@ -376,7 +387,10 @@ public class DTLSServerProtocol
if (state.serverExtensions != null)
{
+ // TODO[RFC 3546] Should this code check that the 'extension_data' is empty?
+ state.allowCertificateStatus = state.serverExtensions.containsKey(TlsExtensionsUtils.EXT_status_request);
state.expectSessionTicket = state.serverExtensions.containsKey(TlsProtocol.EXT_SessionTicket);
+
TlsProtocol.writeExtensions(buf, state.serverExtensions);
}
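Review bot: `state.allowCertificateStatus` is derived only from what the server's own extension table contains, so nothing in this hunk ties it to the client having offered status_request or to the reply being well-formed. If that is not enforced elsewhere (the surrounding method is outside the hunk), a misbehaving `TlsServer` implementation could make the server send an unsolicited extension and later an unsolicited CertificateStatus, which a conforming client should reject. On the TODO: the ServerHello form of status_request is defined with empty extension_data, so the check is worth making. Assuming the table maps to raw extension bytes, it could look like `byte[] sr = (byte[])state.serverExtensions.get(TlsExtensionsUtils.EXT_status_request);` followed by `state.allowCertificateStatus = sr != null && sr.length == 0;`. A non-empty value would be better treated as an internal error than silently written out.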
@@ -617,6 +631,7 @@ public class DTLSServerProtocol
int selectedCipherSuite = -1;
short selectedCompressionMethod = -1;
boolean secure_renegotiation = false;
+ boolean allowCertificateStatus = false;
boolean expectSessionTicket = false;
Hashtable serverExtensions = null;
TlsKeyExchange keyExchange = null;